CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
protectIdentifiers example
$exFields = [];
$newFields = [];
foreach ($this->fields as $name => $details) {
$newFields[] = $details['new_name'] ?? $name;
$exFields[] = $name;
}
$exFields = implode(
', ',
array_map(fn ($item) => $this->db->protectIdentifiers($item), $exFields)
);
$newFields = implode(
', ',
array_map(fn ($item) => $this->db->protectIdentifiers($item), $newFields)
);
$this->db->query(
"INSERT INTO {$this->prefixedTableName}({$newFields}) SELECT {$exFields} FROM {$this->db->DBPrefix}temp_{$this->tableName}"
);
}
return 0;
}
$columnTypeList = array_column($fieldDatas, 'type', 'name');
$primaryColumnName = '';
foreach ($indexs as $index) {
if ($index->type !== 'PRIMARY' || count($index->fields) !== 1) {
continue;
}
$primaryColumnName = $this->protectIdentifiers($index->fields[0], false, false);
$primaryColumnType = $columnTypeList[$primaryColumnName];
if ($primaryColumnType !== 'NUMBER') {
$primaryColumnName = '';
}
}
if (! $primaryColumnName) {
return 0;
}
}
$columnTypeList = array_column($fieldDatas, 'type', 'name');
$primaryColumnName = '';
foreach ($indexs as $index) {
if ($index->type !== 'PRIMARY' || count($index->fields) !== 1) {
continue;
}
$primaryColumnName = $this->protectIdentifiers($index->fields[0], false, false);
$primaryColumnType = $columnTypeList[$primaryColumnName];
if ($primaryColumnType !== 'NUMBER') {
$primaryColumnName = '';
}
}
if (! $primaryColumnName) {
return 0;
}
public function protectIdentifiers($item, bool $prefixSingle = false, ?bool $protectIdentifiers = null, bool $fieldExists = true)
{
if (! is_bool($protectIdentifiers)) {
$protectIdentifiers = $this->protectIdentifiers;
}
if (is_array($item)) {
$escapedArray = [];
foreach ($item as $k => $v) {
$escapedArray[$this->protectIdentifiers($k)] = $this->protectIdentifiers($v, $prefixSingle, $protectIdentifiers, $fieldExists);
}
return $escapedArray;
}
// This is basically a bug fix for queries that use MAX, MIN, etc. // If a parenthesis is found we know that we do not need to // escape the data or add a prefix. There's probably a more graceful // way to deal with this, but I'm not thinking of it // // Added exception for single quotes as well, we don't want to alter
else {
$conditions = [$cond];
$joints = [''];
}
$cond = ' ON ';
foreach ($conditions as $i => $condition) {
$operator = $this->getOperator($condition);
$cond .= $joints[$i];
$cond .= preg_match('/(\(*)?([\[\]\w\.\'-]+)' . preg_quote($operator, '/') . '(.*)/i', $condition, $match) ? $match[1] . $this->db->protectIdentifiers($match[2]) . $operator . $this->db->protectIdentifiers($match[3]) : $condition;
}
}
// Do we want to escape the table name? if ($escape === true) {
$table = $this->db->protectIdentifiers($table, true, null, false);
}
// Assemble the JOIN statement $this->QBJoin[] = $type . 'JOIN ' . $this->getFullName($table) . $cond;
$conditions = [$cond];
$joints = [''];
}
$cond = ' ON ';
foreach ($conditions as $i => $condition) {
$operator = $this->getOperator($condition);
$cond .= $joints[$i];
$cond .= preg_match('/(\(*)?([\[\]\w\.\'-]+)' . preg_quote($operator, '/') . '(.*)/i', $condition, $match) ? $match[1] . $this->db->protectIdentifiers($match[2]) . $operator . $this->db->protectIdentifiers($match[3]) : $condition;
}
}
// Do we want to escape the table name? if ($escape === true) {
$table = $this->db->protectIdentifiers($table, true, null, false);
}
// Assemble the JOIN statement $this->QBJoin[] = $type . 'JOIN ' . $this->getFullName($table) . $cond;
return $sql . " LIKE '" . $this->escapeLikeStringDirect($this->DBPrefix) . "%'";
}
return $sql;
}
/** * Generates a platform-specific query string so that the column names can be fetched. */
protected function _listColumns(string $table = ''): string
{
return 'SHOW COLUMNS FROM ' . $this->protectIdentifiers($table, true, null, false);
}
/** * Returns an array of objects with field data * * @return stdClass[] * * @throws DatabaseException */
protected function _fieldData(string $table): array
{
}
return $sql;
}
/** * Generates a platform-specific query string so that the column names can be fetched. */
protected function _listColumns(string $table = ''): string
{
return 'SHOW COLUMNS FROM ' . $this->protectIdentifiers($table, true, null, false);
}
/** * Returns an array of objects with field data * * @return stdClass[] * * @throws DatabaseException */
protected function _fieldData(string $table): array
{
/** * Increments a numeric column by the specified value. * * @return mixed * * @throws DatabaseException */
public function increment(string $column, int $value = 1)
{
$column = $this->db->protectIdentifiers($column);
$sql = $this->_update($this->QBFrom[0], [$column => "to_number({$column}, '9999999') + {$value}"]);
if (! $this->testMode) {
$this->resetWrite();
return $this->db->query($sql, $this->binds, false);
}
return true;
}
' AND "NAME" NOT LIKE \'sqlite!_%\' ESCAPE \'!\''
. (($prefixLimit !== false && $this->DBPrefix !== '')
? ' AND "NAME" LIKE \'' . $this->escapeLikeString($this->DBPrefix) . '%\' ' . sprintf($this->likeEscapeStr, $this->likeEscapeChar)
: '');
}
/** * Generates a platform-specific query string so that the column names can be fetched. */
protected function _listColumns(string $table = ''): string
{
return 'PRAGMA TABLE_INFO(' . $this->protectIdentifiers($table, true, null, false) . ')';
}
/** * @return array|false * * @throws DatabaseException */
public function getFieldNames(string $table)
{
// Is there a cached result? if (isset($this->dataCache['field_names'][$table])) {
. (($prefixLimit !== false && $this->DBPrefix !== '')
? ' AND "NAME" LIKE \'' . $this->escapeLikeString($this->DBPrefix) . '%\' ' . sprintf($this->likeEscapeStr, $this->likeEscapeChar)
: '');
}
/** * Generates a platform-specific query string so that the column names can be fetched. */
protected function _listColumns(string $table = ''): string
{
return 'PRAGMA TABLE_INFO(' . $this->protectIdentifiers($table, true, null, false) . ')';
}
/** * @return array|false * * @throws DatabaseException */
public function getFieldNames(string $table)
{
// Is there a cached result? if (isset($this->dataCache['field_names'][$table])) {
$type = strtoupper($type);
if (! in_array($type, ['MAX', 'MIN', 'AVG', 'SUM', 'COUNT'], true)) {
throw new DatabaseException('Invalid function type: ' . $type);
}
if ($alias === '') {
$alias = $this->createAliasFromTable(trim($select));
}
$sql = $type . '(' . $this->db->protectIdentifiers(trim($select)) . ') AS ' . $this->db->escapeIdentifiers(trim($alias));
$this->QBSelect[] = $sql;
$this->QBNoEscape[] = null;
return $this;
}
/** * Determines the alias name based on the table */
protected function createAliasFromTable(string $item): string
{
if (! in_array($type, ['MAX', 'MIN', 'AVG', 'SUM', 'COUNT'], true)) {
throw new DatabaseException('Invalid function type: ' . $type);
}
if ($alias === '') {
$alias = $this->createAliasFromTable(trim($select));
}
$sql = $type . '(' . $this->db->protectIdentifiers(trim($select)) . ') AS ' . $this->db->escapeIdentifiers(trim($alias));
$this->QBSelect[] = $sql;
$this->QBNoEscape[] = null;
return $this;
}
/** * Determines the alias name based on the table */
protected function createAliasFromTable(string $item): string
{
throw DataException::forEmptyPrimaryKey('insert');
}
$builder = $this->builder();
// Must use the set() method to ensure to set the correct escape flag foreach ($data as $key => $val) {
$builder->set($key, $val, $escape[$key] ?? null);
}
if ($this->allowEmptyInserts && empty($data)) {
$table = $this->db->protectIdentifiers($this->table, true, null, false);
if ($this->db->getPlatform() === 'MySQLi') {
$sql = 'INSERT INTO ' . $table . ' VALUES ()';
} elseif ($this->db->getPlatform() === 'OCI8') {
$allFields = $this->db->protectIdentifiers(
array_map(
static fn ($row) => $row->name,
$this->db->getFieldData($this->table)
),
false,
true
);
}
$builder = $this->builder();
// Must use the set() method to ensure to set the correct escape flag foreach ($data as $key => $val) {
$builder->set($key, $val, $escape[$key] ?? null);
}
if ($this->allowEmptyInserts && empty($data)) {
$table = $this->db->protectIdentifiers($this->table, true, null, false);
if ($this->db->getPlatform() === 'MySQLi') {
$sql = 'INSERT INTO ' . $table . ' VALUES ()';
} elseif ($this->db->getPlatform() === 'OCI8') {
$allFields = $this->db->protectIdentifiers(
array_map(
static fn ($row) => $row->name,
$this->db->getFieldData($this->table)
),
false,
true
);
$this->tbody = $this->makeTbodyForShowAllTables($tables);
CLI::table($this->tbody, $thead);
CLI::newLine();
}
private function makeTbodyForShowAllTables(array $tables): array
{
$this->removeDBPrefix();
foreach ($tables as $id => $tableName) {
$table = $this->db->protectIdentifiers($tableName);
$db = $this->db->query("SELECT * FROM {$table}");
$this->tbody[] = [
$id + 1,
$tableName,
$db->getNumRows(),
$db->getFieldCount(),
];
}
$this->restoreDBPrefix();
CLI::table($this->tbody, $thead);
CLI::newLine();
}
private function makeTbodyForShowAllTables(array $tables): array
{
$this->removeDBPrefix();
foreach ($tables as $id => $tableName) {
$table = $this->db->protectIdentifiers($tableName);
$db = $this->db->query("SELECT * FROM {$table}");
$this->tbody[] = [
$id + 1,
$tableName,
$db->getNumRows(),
$db->getFieldCount(),
];
}
$this->restoreDBPrefix();